CVE Community

CVE is an international information security community effort. In addition to the contributions of the CVE Editorial Board and the CVE Sponsor, numerous organizations from around the world have made their products CVE-Compatible, have included CVE Identifiers in their security advisories, and/or have adopted or promoted the use of CVE.

The CVE Initiative is industry-endorsed through the following:

CVE-Compatible Products & Services

Numerous organizations from around the world have made their information security products and services "CVE-Compatible" by incorporating CVE Identifiers.

CVE Numbering Authorities (CNAs)

CNAs are major OS vendors, security researchers, and research organizations that assign CVE Identifiers to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE Identifiers in the first public disclosure of the vulnerabilities.

CVE Editorial Board

The CVE Editorial Board, which includes members from numerous information security-related organizations from around world, approves which vulnerabilities or exposures are included in the CVE List.

CVE Sponsor

Managing the CVE Initiative requires substantial work on an ongoing basis. Current and past sponsors are listed.

CVE Adopted by International Standards Body ITU-T

The International Telecommunication Union's (ITU-T) Cybersecurity Rapporteur Group, which is the telecom/information system standards body within the treaty-based 150-year-old intergovernmental organization, adopted CVE as a part of its "Global Cybersecurity Information Exchange techniques (X.CYBEX)" by issuing Recommendation ITU-T X.1520 Common Vulnerabilities and Exposures (CVE), that is based upon CVE's current Compatibility Requirements, and any future changes to the document will be reflected in subsequent updates to X.CVE.

Page Last Updated: November 20, 2014